High severity · NVD Advisory · Published Jun 6, 2019 · Updated Aug 4, 2024
CVE-2019-12274
Description
In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as /root/.kube/config or /var/lib/rancher/management-state/cred/kubeconfig-system.yaml.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/rancher/rancher (Go) | >= 2.0.0, < 2.2.4 | 2.2.4 |
| github.com/rancher/rancher (Go) | < 1.6.27 | 1.6.27 |
Affected products
- Rancher/Rancher
References
- github.com/advisories/GHSA-gc62-j469-9gjm (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2019-12274 (ghsa; ADVISORY)
- forums.rancher.com/c/announcements (mitre; x_refsource_CONFIRM)
- forums.rancher.com/t/rancher-release-v2-2-4-addresses-rancher-cve-2019-12274-and-cve-2019-12303/14466 (ghsa; x_refsource_CONFIRM, WEB)